sigma-rules

security-tools/sigma-rules

Fork 0

Commit Graph

Author	SHA1	Message	Date
Austin Songer	27ba204f1c	[New Rule] GCP Kubernetes Rolebindings Created or Patched (#1267 ) * Update impact_iam_deactivate_mfa_device.toml https://github.com/elastic/detection-rules/issues/1111 * Update impact_iam_deactivate_mfa_device.toml * Update discovery_post_exploitation_external_ip_lookup.toml "ipapi.co", "ip-lookup.net", "ipstack.com" Update rules/aws/impact_iam_deactivate_mfa_device.toml Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com> * Revert "Update discovery_post_exploitation_external_ip_lookup.toml" This reverts commit b57fd60c9511e20a336d32a9c9b8d5cf9954c50e. * Update * New Rule: Okta User Attempted Unauthorized Access * Update privilege_escalation_okta_user_attempted_unauthorized_access.toml * Update privilege_escalation_okta_user_attempted_unauthorized_access.toml * Delete privilege_escalation_okta_user_attempted_unauthorized_access.toml * Create persistence_new-or-modified-federation-domain.toml * Delete persistence_new-or-modified-federation-domain.toml * Create credential_access_gcp_kubernetes_rolebindings_creation.toml * Update credential_access_gcp_kubernetes_rolebindings_creation.toml * Update credential_access_gcp_kubernetes_rolebindings_creation.toml * Update credential_access_gcp_kubernetes_rolebindings_creation.toml * Update credential_access_gcp_kubernetes_rolebindings_creation.toml * Update credential_access_gcp_kubernetes_rolebindings_creation.toml * Update credential_access_gcp_kubernetes_rolebindings_creation.toml * Update * Update .gitignore Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com> * Update rules/integrations/gcp/credential_access_gcp_kubernetes_rolebindings_creation.toml Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com> * Update credential_access_gcp_kubernetes_rolebindings_creation.toml * Update credential_access_gcp_kubernetes_rolebindings_creation.toml * Update and rename credential_access_gcp_kubernetes_rolebindings_creation.toml to credential_access_gcp_kubernetes_rolebindings_created_or_patched.toml * Update credential_access_gcp_kubernetes_rolebindings_created_or_patched.toml * Update credential_access_gcp_kubernetes_rolebindings_created_or_patched.toml * Rename credential_access_gcp_kubernetes_rolebindings_created_or_patched.toml to privilege_escalation_gcp_kubernetes_rolebindings_created_or_patched.toml * remove space from query Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com> Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com> Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>	2021-10-15 15:42:25 -03:00
Ross Wolf	1882f4456c	[Fleet] Track integrations in folder and metadata (#1372 ) * Track integrations in folder and metadata * Remove duplicate entry * Update note and tests	2021-07-21 15:24:56 -06:00

Author

SHA1

Message

Date

Austin Songer

27ba204f1c

[New Rule] GCP Kubernetes Rolebindings Created or Patched (#1267 )

* Update impact_iam_deactivate_mfa_device.toml

https://github.com/elastic/detection-rules/issues/1111

* Update impact_iam_deactivate_mfa_device.toml

* Update discovery_post_exploitation_external_ip_lookup.toml

        "*ipapi.co",
        "*ip-lookup.net",
        "*ipstack.com"

* Update rules/aws/impact_iam_deactivate_mfa_device.toml

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

* Revert "Update discovery_post_exploitation_external_ip_lookup.toml"

This reverts commit b57fd60c9511e20a336d32a9c9b8d5cf9954c50e.

* Update

* New Rule: Okta User Attempted Unauthorized Access

* Update privilege_escalation_okta_user_attempted_unauthorized_access.toml

* Update privilege_escalation_okta_user_attempted_unauthorized_access.toml

* Delete privilege_escalation_okta_user_attempted_unauthorized_access.toml

* Create persistence_new-or-modified-federation-domain.toml

* Delete persistence_new-or-modified-federation-domain.toml

* Create credential_access_gcp_kubernetes_rolebindings_creation.toml

* Update credential_access_gcp_kubernetes_rolebindings_creation.toml

* Update credential_access_gcp_kubernetes_rolebindings_creation.toml

* Update credential_access_gcp_kubernetes_rolebindings_creation.toml

* Update credential_access_gcp_kubernetes_rolebindings_creation.toml

* Update credential_access_gcp_kubernetes_rolebindings_creation.toml

* Update credential_access_gcp_kubernetes_rolebindings_creation.toml

* Update

* Update .gitignore

Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com>

* Update rules/integrations/gcp/credential_access_gcp_kubernetes_rolebindings_creation.toml

Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com>

* Update credential_access_gcp_kubernetes_rolebindings_creation.toml

* Update credential_access_gcp_kubernetes_rolebindings_creation.toml

* Update and rename credential_access_gcp_kubernetes_rolebindings_creation.toml to credential_access_gcp_kubernetes_rolebindings_created_or_patched.toml

* Update credential_access_gcp_kubernetes_rolebindings_created_or_patched.toml

* Update credential_access_gcp_kubernetes_rolebindings_created_or_patched.toml

* Rename credential_access_gcp_kubernetes_rolebindings_created_or_patched.toml to privilege_escalation_gcp_kubernetes_rolebindings_created_or_patched.toml

* remove space from query

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>
Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com>
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

2021-10-15 15:42:25 -03:00

Ross Wolf

1882f4456c

[Fleet] Track integrations in folder and metadata (#1372 )

* Track integrations in folder and metadata
* Remove duplicate entry
* Update note and tests

2021-07-21 15:24:56 -06:00

2 Commits